Commit 29749f92 authored by Robert Speicher's avatar Robert Speicher

Merge branch 'sh-catch-invalid-uri-markdown' into 'master'

Gracefully handle garbled URIs in Markdown

Closes #41442

See merge request gitlab-org/gitlab-ce!16123
parents 5e6dd15a 0faf772b
---
title: Gracefully handle garbled URIs in Markdown
merge_request:
author:
type: fixed
...@@ -66,7 +66,7 @@ module Banzai ...@@ -66,7 +66,7 @@ module Banzai
if uri.relative? && uri.path.present? if uri.relative? && uri.path.present?
html_attr.value = rebuild_relative_uri(uri).to_s html_attr.value = rebuild_relative_uri(uri).to_s
end end
rescue URI::Error rescue URI::Error, Addressable::URI::InvalidURIError
# noop # noop
end end
......
...@@ -76,6 +76,11 @@ describe Banzai::Filter::RelativeLinkFilter do ...@@ -76,6 +76,11 @@ describe Banzai::Filter::RelativeLinkFilter do
expect { filter(act) }.not_to raise_error expect { filter(act) }.not_to raise_error
end end
it 'does not raise an exception with a garbled path' do
act = link("open(/var/tmp/):%20/location%0Afrom:%20/test")
expect { filter(act) }.not_to raise_error
end
it 'ignores ref if commit is passed' do it 'ignores ref if commit is passed' do
doc = filter(link('non/existent.file'), commit: project.commit('empty-branch') ) doc = filter(link('non/existent.file'), commit: project.commit('empty-branch') )
expect(doc.at_css('a')['href']) expect(doc.at_css('a')['href'])
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment